-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 08 January 2001.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-35 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-35 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [X] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

DETAILED ACTION



1. This action is responsive to communication: original application filed 
08 January 2001. 

2. Claims 1-35 are currently pending in this application. Claims 1, 8, 13, 16, 18, 23, 24, 29, 
32, and 34 are independent claims. 



Claim Rejections - 35 USC § 102

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for
patent by another filed in the United States before the invention by the applicant for patent, except that an
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
subsection of an application filed in the United States only if the international application designated the United
States and was published under Article 21(2) of such treaty in the English language

4. Claims 1-2, 4-8, 10-24, and 26-35 are rejected under 35 U.S.C. 102(e) as being
anticipated by Olden U.S. Patent No. 6,460,141 (hereinafter '141).

As to independent claim 1, "A method for accommodating a legacy
application, the method comprising: obtaining a request for a high-level
credential from a legacy application; marshalling the requested credential;
returning the marshaled credential to the application" is taught in '141 col. 25,
lines 29-39.

As to dependent claim 2, "further comprising, after the obtaining, seeking
the requested credential in a database of credentials" is shown in '141 col. 25, 
lines 29-35. 

As to dependent claim 4, "wherein the marshaled credentials appear to be a
conventional username/password pair to the legacy application" is disclosed in 
'141 col. 25, lines 29-35. 

As to dependent claim 5, "wherein marshalling comprises: obtaining the 
requested high-level credential; pickling the requested high-level credential to 
generate a low-level credential that represents the requested high-level credential 
while appearing to be a conventional username/password pair to the legacy 
application" is taught in '141 col. 25, lines 29-39. 

As to dependent claim 6, "A method as recited in claim 1, wherein the 
legacy application never has access to the high-level credential" is shown in '141 
col. 24, lines 25-50. 

As to dependent claim 7, this claim is directed to a computer-readable medium 
of the method of claim 1 and is rejected along the same rationale. 

As to independent claim 8, this claim incorporates substantially similar subject 
matter as claim 1 and is rejected along the same rationale. 

As to dependent claims 10 and 11, these claims incorporate substantially
similar subject matter as claims 4 and 6; therefore they are rejected along the same
rationale.

As to dependent claim 12, this claim is directed to a computer-readable
medium of the method of claim 8 and is rejected along the same rationale. 

As to independent claim 13, this claim incorporates substantially similar subject 
matter as claim 1 and is rejected along the same rationale. 

As to dependent claim 14, "further comprising repeating the obtaining, 
locating, and returning for a different network that is authenticated using a 
different credential" is taught in '141 col. 23, lines 55-67 and col. 25, lines 5-20.

As to dependent claim 15, this claim is directed to a computer-readable 
medium of the method of claim 12 and is rejected along the same rationale. 

As to independent claim 16, "A method for concurrently accessing a first 
resource on a first network and a second resource on a second network" is taught 
in '141 col. 25 lines 39-42. 

"the method comprising: first obtaining a first request for a first credential 
to authenticate a user to access a first resource of the first network, wherein the 
first resource requires an appropriate first credential before the user may access 
the first resource; first locating the appropriate first credential; first returning the 
appropriate first credential to the first resource of the first network, so that the 
first resource allows the user to access the first resource; wherein the first 
obtaining, locating, and returning are performed without user interaction so that 
the user need not be aware that such steps are being performed" is shown in '141
col. 25, lines 29-39;

"second obtaining a second request for a second credential to authenticate
a user to access a second resource of the second network, wherein the second 
resource requires an appropriate second credential before the user may access 
the second resource; second locating the appropriate second credential; second 
returning the appropriate second credential to the second resource of the second 
network, so that the second resource allows the user to access the second 
resource; wherein the second obtaining, locating, and remaining are performed 
without user interaction so that the user need not be aware that such steps are 
being performed" is disclosed in '141 col. 25, lines 21-39. 

As to dependent claim 17, this claim is directed to a computer-readable 
medium of the method of claim 16 and is rejected along the same rationale. 

As to independent claim 18, "A credential management architecture,
comprising: a trusted computing base (TCB) that has full access to persisted
credentials, the TCB being configured to interact with an untrusted computing
layer (UTCL) that accesses the persisted credentials via the TCB; the TCB
comprises: a credential management module configured to receive requests from
the UTCL for a credential for a resource" is taught in '141 col. 3, lines 39-61;

"the credential being associated with a user; a credential database 
associated with the user, wherein credentials are persisted within the database; 
the credential management module being configured to retrieve credentials from 
the database" is shown in '141 col. 4, lines 27-34. 

As to dependent claim 19, "architecture as recited claim wherein credential
management module is further configured to marshal a requested credential and
return the marshaled credential to the UTCL" is disclosed in '141 col. 4, lines 35-45. 

As to dependent claim 20, "An architecture as recited in claim 18, wherein
the marshaled credentials appear to be a conventional username/password pair
to the UTCL" is taught in '141 col. 7, lines 26-41.

As to dependent claim 21, this claim is directed to a computer-readable 
medium of the method of claim 18 and is rejected along the same rationale. 

As to dependent claim 22, this claim is directed to an operating system on a 
computer-readable medium of the method of claim 18 and is rejected along the same 
rationale. 

As to independent claim 23, this claim is directed to an apparatus of the 
method of claim 1 and is rejected along the same rationale. 

As to independent claim 24, this claim is directed to the system of the method 
of claim 8 and is rejected along the same rationale. 

As to dependent claims 26, 27, and 28, these claims incorporate substantially 
similar subject matter as claims 4, 5, and 6; they are rejected along the same rationale. 

As to independent claim 29, "A system for authenticating a user to a 
network, the system comprising: a request obtainer configured to obtain a 
request for a credential to authenticate the user to access a resource within the 
network" is taught in '141 col. 3, lines 39-61; 

"wherein the resource requires an appropriate credential before the user 
may access the resource; a credential retriever configured to retrieve the
appropriate credential from a database of credentials, a credential retriever
configured to return the appropriate credential to the resource within the network,
so that the resource allows the user to access such resource" is shown in '141 col.
4, lines 27-34;

"wherein the obtainer, retriever, and returner are further configured to 
operate without user interaction" is disclosed in '141 col. 25, lines 39-41. 

As to dependent claim 30, this claim is directed toward an operating system 
comprising a system as recited in claim 29 and is rejected along the same rationale. 

As to dependent claim 31, A network environment comprising a system as 
recited in claim 29. 

As to independent claim 32, "An application programming interface (API) 
method comprising" is taught in '141 col. 3, lines 39-61; 

"receiving a CredUI-promptfor-credentials call having a set of parameters 
comprising a TargetName, Context, AuthFlags, and Flags; parsing the call to 
retrieve the parameters to determine a specified resource; obtaining a credential; 
associating the credential with the specified resource; persisting the credential 
into a database while maintaining the credential's association with the specified 
resource" is shown in '141 col. 9, line 27 through col. 10, line 36. 

As to dependent claim 33, "wherein the set of parameters further 
comprises an indicator of a data structure containing customized information to 
display in conjunction with a user interface" is disclosed in '141 col. 10, 32-39.

As to independent claim 34, "An application programming interface (API)
method comprising: receiving a CredUI-promptfor-credentials call having a set of
parameters comprising a TargetName, UserName, Password, and Flags; parsing 
the call to retrieve the parameters to determine a requesting application" is taught 
in '141 col. 9, lines 27-45; 

"obtaining a low-level credential from a user, wherein such credential 
includes a username and a password; returning the low-level credential to the 
requesting application" is shown in '141 col. 7, lines 26-41. 

As to dependent claim 35, "wherein the set of parameters further 
comprises an indicator of a data structure containing customized information to 
display in conjunction with a user interface" is disclosed in '141 col. 10, lines 17-39. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 3, 9, and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable
over '141 as applied to claims 1, 8, and 24, in further view of McNabb et al. U.S. Patent No.
6,289,462 (hereinafter '462).

As to independent claim 3, the following is not taught in '141: "wherein a high-level
credential is a credential selected from a group composed of X.509
Certificates and bio-metrics"; however, '462 teaches "The authentication module 9 of
the trusted server system can be configured to request a user to provide a user ID and 
a site-definable authentication response (such as a password, a biometric device, a 
smart card, or an access token check)" in col. 15, lines 54-57. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify a security and access management method that accommodates 
legacy applications taught in '141 to include an authentication means that utilizes 
certificates and biometrics. One of ordinary skill in the art would have been motivated to 
perform such a modification because one of the most respected evaluation integrity
tools is certificates; see '462 (col. 4, lines 6-33): "Trusted operating systems undergo
evaluation of their overall design, verification of the integrity and reliability of their source 
code, and systematic, .... ITSEC certification, performed by an independent body 
provides ... What is desired therefore is system where these components are fully 
integrated to provide a secure platform for network services, where users can install the 
system and immediately begin taking advantage its security features". 

As to dependent claims 9 and 25, these claims incorporate substantially similar 
subject matter as claim 3 and they are rejected along the same rationale. 



Application/Control Number: 09/757,058 
Art Unit: 2134 



Conclusion 



7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(703) 305-8917. The examiner can normally be reached on 6:30 am to 3:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Gregory A Morse, can be reached on (703) 308-4789. The fax phone
number for the organization where this application or proceeding is assigned is
703-872-9306.

Any inquiry of a general nature or relating to the status of this application or
proceeding should be directed to the receptionist whose telephone number is
(703) 306-5484.



Ellen Tran 
Patent Examiner 
Technology Center 2134 
3 June 2004 




